SaravananBalasubramanian-1640 asked RitaHu-MSFT commented

SCCM MP Http test request failed, status code is 403, 'Forbidden'.


Hey guys, I am getting a repeated error that the MP site role is not working properly. It was working fine before I renewed the DP & Web Server certificate and applied it to the SCCM.
I have followed the usual PKI setup process as per the MS site. HTTPS is enabled on the MP and it has been like that for more than a year now.
Any pointer to resolve this would be appreciated.






@SaravananBalasubramanian-1640
Thanks for posting on Q&A.

I found a related case and it seems that the issue is due to certificates.

This issue may be affecting you if one or more certificates are returned after running the command below on your management point:

  Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List

Note: remember to confirm whether the certificates are indeed not needed before you remove them.

We could remove the certificates by running the below command:

  Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Remove-Item

Hope the above will be helpful.

Regards,
Rita

0 Votes 0 ·

Hi RitaHu, this command didn't return any result, but this issue is indeed due to the certificate. Now one of the certificates has expired and so SCCM is picking a different certificate now, so the issue has gone.

Is there a way to force SCCM to pick the correct certificate?

For example: I have the client installed on the SCCM server itself. It is picking up the DP certificate for its own authentication rather than using the computer client certificate.

1 Vote 1 ·
RitaHu-MSFT SaravananBalasubramanian-1640 ·

@SaravananBalasubramanian-1640
I'm sorry that I haven't found another way to do that. But we could review the certificates manually to check whether the certificate is expired or not.

I'm not familiar with PKI and I'm not sure if I could find the solution. But I will do further research. I will come back if there is an update.

Of course, it is suggested to submit a service request to MS Professional tech support service so that a dedicated Support Professional can further assist with this request if the issue is urgent.

Here is a link for your reference:
https://support.microsoft.com/en-us/help/13948/global-customer-service-phone-numbers

Thanks for your understanding and cooperation.

Regards,
Rita

0 Votes 0 ·
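
The manual certificate review suggested in the thread can be scripted as a read-only audit; this is an added example, not code from either poster or from Microsoft documentation. It lists the certificates in the computer Personal store that carry the Client Authentication EKU, with expiry and template, so a DP certificate and a computer client certificate can be told apart by thumbprint. Assumption: the candidates for client authentication are certificates in `Cert:\LocalMachine\My` that have a private key and that EKU.

```powershell
# Added example: read-only audit, nothing is removed or changed.
# Assumption: candidates for client authentication are certificates in the
# computer Personal store with a private key and the Client Authentication EKU.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                       # Client Authentication EKU
$templateOids  = '1.3.6.1.4.1.311.21.7',                    # Certificate Template Information (v2)
                 '1.3.6.1.4.1.311.20.2'                     # Certificate Template Name (v1)
$now = Get-Date

$candidates = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and
                   ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid) } |
    ForEach-Object {
        $cert = $_
        # The template extension shows which CA template issued the certificate
        $tmpl = $cert.Extensions |
            Where-Object { $templateOids -contains $_.Oid.Value } |
            Select-Object -First 1
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Expired    = ($cert.NotAfter -lt $now)
            EKUs       = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
            Template   = if ($tmpl) { $tmpl.Format($false) } else { '(none)' }
        }
    }

# Longest-lived certificate first
$candidates | Sort-Object NotAfter -Descending | Format-List

# More than one unexpired candidate means the choice between them is ambiguous
$valid = @($candidates | Where-Object { -not $_.Expired })
if ($valid.Count -gt 1) {
    Write-Warning ("{0} unexpired certificates carry the Client Authentication EKU; " +
                   "compare their thumbprints with the one the client is using." -f $valid.Count)
}

# Same filter as the command in the thread, but only counted
$misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Issuer -ne $_.Subject })
"Non-self-signed certificates in Trusted Root: $($misplaced.Count)"
```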

0 Answers